Docs Standalone Kubernetes Tutorials Standalone Kubernetes Models Blog Enterprise Community Get Started GitHub

Enrich access logs

Verified Code examples on this page have been automatically tested and verified.

When building or debugging transformations, you can log CEL variables to inspect what values are available at runtime. Configure an AgentgatewayPolicy resource with spec.frontend.accessLog to add custom attributes to the structured access log using CEL expressions.

Before you begin

  1. Set up an agentgateway proxy.
  2. Install the httpbin sample app.

Log specific request data

Add access log attributes with CEL expressions.

  1. Create an AgentgatewayPolicy resource that targets your Gateway and adds CEL variables as log attributes.

    kubectl apply -f- <<EOF
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayPolicy
metadata:
  name: access-logs
  namespace: agentgateway-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: agentgateway-proxy
  frontend:
    accessLog:
      attributes:
        add:
        - name: request_path
          expression: request.path
        - name: request_method
          expression: request.method
        - name: client_ip
          expression: source.address
EOF

  2. Send a request through the gateway.

    curl -vi http://$INGRESS_GW_ADDRESS:80/get \
 -H "host: www.example.com:80"
    curl -vi localhost:8080/get \
-H "host: www.example.com"

  3. Check the agentgateway logs to verify that the CEL variables are being logged.

    kubectl logs -n agentgateway-system -l app.kubernetes.io/name=agentgateway-proxy --tail=1

    Example output:

    info	request gateway=agentgateway-system/agentgateway-proxy
listener=http route=httpbin/httpbin endpoint=10.244.0.7:8080
src.addr=10.244.0.1:8468 http.method=GET http.host=www.example.com
http.path=/get http.version=HTTP/1.1 http.status=200 protocol=http
duration=0ms request_path="/get" request_method="GET" client_ip="10.244.0.1"

Log only specific requests

Add a filter CEL expression to log only requests that match a condition. This configuration is useful for reducing log volume by capturing only error responses or specific traffic patterns.

  1. Create an AgentgatewayPolicy resource with a filter field that logs requests only if the response status code that is equal to or higher than 400.

    kubectl apply -f- <<EOF
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayPolicy
metadata:
  name: access-logs
  namespace: agentgateway-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: agentgateway-proxy
  frontend:
    accessLog:
      filter: response.code >= 400
      attributes:
        add:
        - name: request_path
          expression: request.path
        - name: status_code
          expression: string(response.code)
EOF

  2. Send a request that returns a 400 response.

    curl -vi http://$INGRESS_GW_ADDRESS:80/status/400 \
 -H "host: www.example.com:80"
    curl -vi localhost:8080/status/400 \
-H "host: www.example.com"

  3. Check the agentgateway logs. Verify that the log entry is written.

    kubectl logs -n agentgateway-system -l app.kubernetes.io/name=agentgateway-proxy --tail=1

    Example output:

    info	request gateway=agentgateway-system/agentgateway-proxy listener=http
route=httpbin/httpbin endpoint=10.244.0.7:8080 src.addr=10.244.0.1:37259
http.method=GET http.host=www.example.com http.path=/status/400
http.version=HTTP/1.1 http.status=400 protocol=http duration=0ms
request_path="/status/400" status_code="400"

  4. Send a request that returns a 200 response.

    curl -vi http://$INGRESS_GW_ADDRESS:80/get \
 -H "host: www.example.com:80"
    curl -vi localhost:8080/get \
-H "host: www.example.com"

  5. Check the agentgateway logs. Verify that no log entry is written and the last entry was from the previous unsuccessful request. The log entry for the successful request is absent because the response code was 200, which does not match the response.code >= 400 filter.

    kubectl logs -n agentgateway-system -l app.kubernetes.io/name=agentgateway-proxy --tail=1

    Example output:

    info	request gateway=agentgateway-system/agentgateway-proxy listener=http
route=httpbin/httpbin endpoint=10.244.0.7:8080 src.addr=10.244.0.1:37259
http.method=GET http.host=www.example.com http.path=/status/400
http.version=HTTP/1.1 http.status=400 protocol=http duration=0ms
request_path="/status/400" status_code="400"

Cleanup

You can remove the resources that you created in this guide.
kubectl delete AgentgatewayPolicy access-logs -n agentgateway-system
Validate and set request body defaults
Agentgateway assistant

Ask me anything about agentgateway configuration, features, or usage.

Note: AI-generated content might contain errors; please verify and test all returned information.

Tip: one topic per conversation gives the best results. Use the + button in the chat header to start a new conversation.

Switching topics? Starting a new conversation improves accuracy.
↑↓ navigate select esc dismiss

What could be improved?

Your feedback helps us improve assistant answers and identify docs gaps we should fix.

Need more help? Join us on Discord: https://discord.gg/y9efgEmppm

Want to use your own agent? Add the Solo MCP server to query our docs directly. Get started here: https://search.solo.io/.